Overview
Trellix Intrusion Prevention System (IPS) is a next-generation intrusion detection and prevention system (IDPS) that discovers and blocks sophisticated malware threats across the network. It uses advanced detection and emulation techniques, moving beyond traditional pattern matching to defend against stealthy attacks with a high degree of accuracy.
To meet the needs of demanding networks, IPS can scale to more than 30 Gbps with a single device—and up to 100 Gbps when stacked. The integrated Trellix solution portfolio streamlines security operations by combining real-time Trellix Global Threat Intelligence (GTI) feeds with rich contextual data about users, devices, and applications for fast, accurate responses to network-borne attacks.
Protection against today’s stealthy threats
Trellix IPS combines intelligent threat prevention with intuitive security management to improve detection accuracy and streamline security operations. Your network faces advanced attacks that can evade traditional detection methods—which is why our IPS layers multiple signature and signature-less detection engines to help prevent unwanted malware from wreaking havoc on your network. It performs deep inspection of network traffic using a combination of advanced technologies, including full protocol analysis, threat reputation, and behavior analysis to detect and protect against malware callbacks, denial-of-service (DoS), zero-day attacks, and other advanced threats.
Integrated security
Trellix IPS integrates with Trellix Intelligent Sandbox, which combines in-depth static code analysis, dynamic analysis (malware sandboxing), and machine learning to detect zero-day threats, including threats that use evasion techniques and ransomware.
Our IPS also combines file reputation from Trellix GTI and offers integration with Trellix ePO and Enterprise Security Manager for real-time correlation of network events across all relevant sources. The combined solution incorporates device details, user information, endpoint security posture, vulnerability assessments, and other rich information to help your organization better understand threat severity and business risk factors.
Performance and availability
Trellix IPS offers the best of both worlds: security and high performance. It combines a single-pass, protocol-based inspection architecture with purpose-built, carrier-class hardware to achieve real-world inspection up to 100 Gbps. Its efficient architecture preserves performance regardless of security settings, outperforming other IPS solutions that can experience up to a 50% reduction in throughput with security-over-performance policies.
Our IPS also provides active-active and active-passive modes with stateful failover, enabling you to meet high availability service-level agreements while avoiding the bottlenecks of slower performing appliances or over-burdened stand-alone solutions.
Scalable hardware provides investment protection
Trellix NS7500 and NS9500 series appliances offer flexibility so you can buy what you need now, and easily scale throughput as needed via a software license. You can also add more capacity by stacking multiple NS9500 appliances.
Visibility and control
Make informed decisions about the applications and protocols on your network. Trellix IPS was the first IDPS solution to combine advanced threat prevention and application awareness into a single security decision engine. We correlate threat activity with application usage, including Layer 7 visibility of more than 2,000 applications and protocols. This enables you to make more informed decisions about which applications you allow on your network.
In addition to application identification, our IPS provides user and device visibility. It prioritizes risky hosts and users, including active botnets, through the identification of anomalous network behavior.
Intelligent, scalable security management
Make the most of your security investment through intelligent network security management. IPS Manager provides scalable web-based management from two to several hundred network security appliances. It offers intuitive, progressive disclosure workflows that guide administrators to relevant alerts, along with easy-to-use security dashboards that automatically prioritize events based on alert severity and relevancy.
Specifications
1) Console port (1)
2) QSFP28 100/QSFP+ 40 Gigabit Ethernet ports (2)
3) Two slots for I/O modules (Any combination of the interface modules can be used)
- QSFP28 100/QSFP+ 40 Gigabit Ethernet ports (2)
- QSFP+ 40 Gigabit Ethernet ports (4)
- QSFP+ 40 Gigabit Ethernet ports (2)
- SFP/SFP+ 1/10 Gigabit Ethernet Monitoring ports (8)
- 1/10 Gigabit Ethernet LC Fiber Monitoring ports with passive fail-open (4)
- RJ-45 10/100/1000 Mbps Ethernet Monitoring ports (6)
- RJ-45 100/1000/10000 Mbps Ethernet Monitoring ports (4)
- 100/40 Gigabit SR MTP/MPO Monitoring ports with passive fail-open (2)
4) RJ-45 100/1000/10000 Mbps Ethernet Monitoring ports (4)
The supported transceiver modules are QSFP28 (MM and SM), QSFP28 Copper, QSFP+ (MM and SM), QSFP+ Copper, SFP+ (MM and SM), SFP Fiber (MM and SM) and SFP Copper.
1) Power supply A/B (Pwr A/Pwr B)
2) USB ports (2)
3) RJ-45 1000/10000 Management port (Mgmt) (1)
4) RJ-45 1000/10000 Response port (R1) (1)
| Sensor Hardware Model: NS9500 | 10 Gbps license (1 unit) | 20 Gbps license (1 unit) | 30 Gbps license (1 unit) | 40 Gbps license (2 units) | 60 Gbps license (2 units) | 100 Gbps license (4 units) |
| --- | --- | --- | --- | --- | --- | --- |
| Performance | | | | | | |
| Aggregate performance | 10 Gbps | 20 Gbps | 30 Gbps | 40 Gbps | 60 Gbps | 100 Gbps |
| Maximum throughput (UDP 1512-byte packets) | Up to 15 Gbps | Up to 25 Gbps | Up to 35 Gbps | Up to 50 Gbps | Up to 70 Gbps | Up to 100 Gbps |
| Maximum concurrent connections | 10,000,000 | 13,000,000 | 16,000,000 | 26,000,000 | 32,000,000 | 64,000,000 |
| Connections per second | 450,000 | 525,000 | 650,000 | 1,000,000 | 1,300,000 | 2,500,000 |
| HTTP connections per second | 260,000 | 300,000 | 350,000 | 600,000 | 700,000 | 1,400,000 |
| Throughput with SSL decryption (based on 10% SSL traffic) | 10 Gbps | 18 Gbps | 26 Gbps | 36 Gbps | 52 Gbps | 90 Gbps |
| Throughput with SSL decryption (100% SSL traffic) | 8 Gbps | 11 Gbps | 15 Gbps | 22 Gbps | 30 Gbps | 60 Gbps |
| Maximum SSL flow count | 1,000,000 | 1,300,000 | 1,600,000 | 2,600,000 | 3,200,000 | 6,400,000 |
| SSL keys imported | 1,024 | 1,024 | 1,024 | 1,024 | 1,024 | 1,024 |
| Number of virtual IPS systems | 1,000 | 1,000 | 1,000 | 1,000 | 1,000 | 1,000 |
| Maximum DoS profiles | 5,000 | 5,000 | 5,000 | 5,000 | 5,000 | 5,000 |
| ACL rules | 10,000 | 20,000 | 30,000 | 20,000 | 30,000 | 30,000 |
| Ports | | | | | | |
| Fixed 10 GB ethernet/1 GB ethernet RJ45 ports—with internal fail-open | 4 | 4 | 4 | 8 | 8 | 16 |
| Fixed 100/40 GB ethernet ports | 2 | 2 | 2 | — | — | — |
| Network I/O slots | 2 | 2 | 2 | 4 | 4 | 8 |
| Network I/O modules (nine options) | 2-port QSFP28 100/QSFP+ 40 GigE module; 4-port 10 GigE/1 GigE SR Optical 50 micron with fail-open; 4-port 10 GigE/1 GigE SR Optical 62.5 micron with fail-open; 4-port 10 GigE/1 GigE LR Optical with fail-open; 4-port (QSFP+) 40 GigE; 2-port (QSFP+) 40 GigE; 8-port (SFP+/SFP) 10 GigE/1 GigE; 6-port (RJ45) 1 GigE (with internal fail-open); 4-port (RJ45) 10 GigE/1 GigE/100 Mbps (with internal fail-open) | | | | | |
| 10 gigabit ethernet | Up to 20 | Up to 20 | Up to 20 | Up to 40 | Up to 40 | Up to 80 |
| 40 gigabit ethernet | Up to 10 | Up to 10 | Up to 10 | Up to 16 | Up to 16 | Up to 32 |
| 100 gigabit ethernet | Up to 6 | Up to 6 | Up to 6 | Up to 8 | Up to 8 | Up to 16 |
| Dedicated response ports (RJ45) | 1 (10G/1G) | 1 (10G/1G) | 1 (10G/1G) | 2 (10G/1G) | 2 (10G/1G) | 4 (10G/1G) |
| Dedicated management ports (RJ45) | 1 (10G/1G) | 1 (10G/1G) | 1 (10G/1G) | 2 (10G/1G) | 2 (10G/1G) | 4 (10G/1G) |
| Physical | | | | | | |
| Dimensions | 17 ¼” (W) x 29 1/16” (D) x 1 ¾” (H) | 17 ¼” (W) x 29 1/16” (D) x 1 ¾” (H) | 17 ¼” (W) x 29 1/16” (D) x 1 ¾” (H) | 2 units each measure 17 ¼” (W) x 29 1/16” (D) x 1 ¾” (H) | 2 units each measure 17 ¼” (W) x 29 1/16” (D) x 1 ¾” (H) | 4 units each measure 17 ¼” (W) x 29 1/16” (D) x 1 ¾” (H) |
| Weight | 28.55 lbs | 28.55 lbs | 28.55 lbs | 2 x 28.55 lbs | 2 x 28.55 lbs | 4 x 28.55 lbs |
| Storage | 2x240 GB M.2 (SW RAID) | 2x240 GB M.2 (SW RAID) | 2x240 GB M.2 (SW RAID) | 4x240 GB M.2 (SW RAID) | 4x240 GB M.2 (SW RAID) | 8x240 GB M.2 (SW RAID) |
| Maximum power consumption | — | — | — | 2 x 598W | 2 x 598W | 4 x 598W |
| DC power available | Optional | Optional | Optional | Optional | Optional | Optional |
| Spare power supply | Included | Included | Included | Included | Included | Included |
| Power | 100–240 VAC (50/60Hz) | 100–240 VAC (50/60Hz) | 100–240 VAC (50/60Hz) | 100–240 VAC (50/60Hz) | 100–240 VAC (50/60Hz) | 100–240 VAC (50/60Hz) |
| Temperature | 0° C to 35° C (operating); -40° C to 70° C (non-operating) | 0° C to 35° C (operating); -40° C to 70° C (non-operating) | 0° C to 35° C (operating); -40° C to 70° C (non-operating) | 0° C to 35° C (operating); -40° C to 70° C (non-operating) | 0° C to 35° C (operating); -40° C to 70° C (non-operating) | 0° C to 35° C (operating); -40° C to 70° C (non-operating) |
| Relative humidity (non-condensing) | Operational: 10% to 90%; Non-operational: 5% to 95% | Operational: 10% to 90%; Non-operational: 5% to 95% | Operational: 10% to 90%; Non-operational: 5% to 95% | Operational: 10% to 90%; Non-operational: 5% to 95% | Operational: 10% to 90%; Non-operational: 5% to 95% | Operational: 10% to 90%; Non-operational: 5% to 95% |
| Altitude | 0 to 10,000 feet | 0 to 10,000 feet | 0 to 10,000 feet | 0 to 10,000 feet | 0 to 10,000 feet | 0 to 10,000 feet |
| Product regulatory compliance | | | | | | |
| Safety certification | UL 60950-1, UL 62368-1 (USA); CSA 22.2.No. 60950-1, CSA 22.2 No. 62368-1 (Canada); EN 60950-1, EN 62368-1 (Europe); CNS 14336-1 (Taiwan); GB 4943.1 (China); IEC 60950-1, IEC 62368-1 (International)—CB Scheme certificate and test report covering all applicable country deviations; IEC 60825 and 21CFR1040 | | | | | |
| EMI certification | FCC Part 15 Subpart B Class A (USA); CAN ICES-3 Class A (Canada); EN 55032, EN 55024, EN 55035, EN61000-3-2, EN61000-3-3 (Europe and International); KN32 and KN35 (South Korea); VCCI 32-1 (Japan); AS/NZS CISPR 32 (Australia and New Zealand); CNS 13438 (Taiwan); GB 9254-2008 and GB 17625.1 (China) | | | | | |
| ROHS compliance | Restriction of Hazardous Substances Compliance per applicable directives and standards (Europe, China, Taiwan, and international) | | | | | |